IBM joins hunt for rogue wireless LAN access points

IBM has announced it will enter the battle against unauthorised wireless LAN access points (AP) with a monitoring tool that the...

IBM has announced it will enter the battle against unauthorised wireless LAN access points (AP) with a monitoring tool that the company says can automatically detect the use of "rogue" APs on large-scale enterprise networks.

Unauthorised wireless LAN APs are usually installed without the knowledge of companies' IT departments by employees seeking inexpensive mobility within an office. Analysts estimate that thousands of such devices, which cost less than $200 (£133), are installed each month, most of them with no security measures in place.

Scott Womer, manager of systems engineering at Atmos Energy, said he believes the problem of rogue APs will get worse before it gets better as prices for APs come down.

Chris Kozup, an analyst at Meta Group, warned that enterprises also need to check their networks for malicious rogue APs, which could easily be jacked into wired networks by outsiders seeking business or government intelligence.

The IBM Distributed Wireless Security Auditor, introduced last week by the company's research division, uses authorised wireless clients as sensors to detect unauthorised APs, Dave Safford, manager of global security analysis at IBM, said. Each client runs a small Linux program that detects APs and reports their IP and Media Access Control (MAC) addresses to a central database.

The database contains the MAC and IP addresses of all authorised APs, which makes it easy to automatically determine whether a device is a rogue one. In addition, the IBM package includes triangulation software, so network managers can pinpoint the physical location of unauthorised APs.

Distributed Wireless Security Auditor might be useful in a campus environment, Womer said. But he doubted that it could help him centrally monitor wireless devices hooked into a network that is "spread across 13 states".

Wireless Security Auditor could scale globally, allowing central monitoring of wireless networks for companies with widely dispersed offices or plants, said Safford.

Safford expects IBM to bring the wireless auditor to market in a matter of months. The company will have to compete with two start-ups in the wireless LAN security field: AirDefense and AirMagnet.

Read more on Wireless networking